Globalization of Integrated Circuit design is making IC/Intellectual Property (“IP”) designers and users reevaluate their trust in hardware. (See, e.g., Reference 2). As the IC design flow can be distributed worldwide, hardware can be prone to new kinds of attacks such as reverse engineering and IP piracy. (See, e.g., Reference 1). An attacker, anywhere in the design flow, can reverse engineer the functionality of an IC/IP. The attacker can then steal and claim ownership of the IP. An untrusted IC foundry can overbuild ICs and sell them illegally. Finally, rogue elements in the foundry can insert malicious circuits (e.g., hardware trojans) into the design without the designer's knowledge. (See, e.g., Reference 3). Because of these attacks, the semiconductor industry loses approximately $4 billion annually. (See, e.g., Reference 4).
If a designer can hide the functionality of an IC while it passes through the different, potentially untrustworthy, phases of the design flow, these attacks can be thwarted. (See, e.g., Reference 1). Logic obfuscation can hide the functionality and the implementation of a design by inserting additional gates into the original design. In order for the design to exhibit its correct functionality (e.g., produce correct outputs), a valid key has to be supplied to the obfuscated design. The gates inserted for obfuscation can be the key-gates. Upon applying a wrong key, the obfuscated design can exhibit an incorrect functionality (e.g., produce wrong outputs).
For example, FIG. 1 illustrates an exemplary circuit obfuscated using two key-gates K1 and K2. The inputs I1-I6 can be the functional inputs and KI and K2 can be the key inputs connected to the key-gates. On applying the correct key values (K1=0 and K2=1) the design can produce a correct output; otherwise, it can produce a wrong output. Logic obfuscation can be incorporated into the IC design flow, as shown in FIG. 2. (e.g., See, e.g., Reference 1). In the untrusted design phases, the IC can be obfuscated, and its functionality may not be revealed. Post fabrication, the IP vendor can activate the obfuscated design by applying the valid key. The keys can be stored in a tamper-evident memory inside the design to prevent access to an attacker, rendering the key inputs inaccessible by an attacker.
Logic obfuscation can be defeated if an attacker can determine the secret keys used for the obfuscation. By determining the keys, the attacker can decipher the functional netlist, and make pirated copies of the ICs and sell them illegally. An attacker can apply specific input patterns, observe the outputs for these patterns, and decipher the secret key. To perform this attack, as shown in FIG. 2, the attacker can utilize the obfuscated netlist and a functional IC. An attacker can obtain the obfuscated netlist (205) from the IC design, or by reverse engineering the layout (210), the mask (215), or a manufactured IC (220). The functional IC (225) can then be bought in the open market.
The value of an unknown key can be determined if it can be sensitized to an output without being masked/corrupted by the other key-bits and inputs. By observing the output, the sensitized key bit can be determined, given other key-bits that are X-sources (e.g., those similar to unknown X-sources). Uninitialized memory units, bus contentions, or multi-cycle paths can be the source of unknown response bits (e.g., unknown-Xs in testing) and can be lion-controllable.
Once an attacker can determine an input pattern that can propagate the key-bit value to an output without any interference, it can be applied to the functional IC (e.g., the IC with the correct keys). This pattern can propagate the correct key value to an output. An attacker can observe this output and resolve the value of that key-bit.
For example, as shown in FIG. 1, the key input KI can be sensitized to output 01 if the value at the other input of gate G6 can be 0 (e.g., non-controlling value for an OR gate). This can be achieved by setting I1=1, I2=0 and I3=0. As the attacker can have access to the functional IC, the attacker can apply this pattern and determine the value of K1 on O1. For example, if the value of O1 can be 0 for that input pattern, then K1=0, otherwise K1=1.
This problem can be analogous to the fault sensitization problem in the presence of unknown-X values that can block/mask the fault propagation. (See, e.g., Reference 5). The key-bits KI and K2 can be equivalent to X-sources X1 and X2 in FIG. 1. Both fault detection and key-propagation can utilize an input pattern that sensitizes the fault effect/key bit by blocking the effect of some or all of the X-sources/other key bits, and preventing their interference; justifying the side input of all the gates on the sensitization path to non-controlling values of the gates. However, the two can differ slightly in that fault detection can also involve fault activation by justifying the fault site to the faulty value, while key propagation can utilize only sensitization. Fault detection can aim at blocking/avoiding unknown X's, while key propagation can aim to identify unknowns one at a time resulting in an iterative and dynamic process.
FIG. 3 illustrates an exemplary circuit diagram illustrating how an attacker cannot propagate the effect of key bits individually to the outputs of an integrated circuit, which can be the same functional circuit shown in FIG. 1. However, as shown in FIG. 3, key-gates K1 and K2 can be at different locations. Here, if the attacker has to propagate the effect of either of the keys, then the attacker has to force a 'O1 (e.g., non-controlling value of NOR gates) on the other input of G4. In order to force this value, the attacker has to control the key inputs, which can be inaccessible. Thus the attacker cannot propagate the effect of a key to an output, failing to determine the values of the key.
To prevent attacks on ICs, key-sensitization can be hampered by inserting key-gates in such a way that propagation of a key value can be possible only if certain conditions can be forced on other key inputs. As these key inputs may not be accessible by the attacker, the attacker cannot force the values that can be needed to propagate the effect of a key. Thus, brute force has to be employed.
Logic obfuscation techniques can be broadly classified into two types-sequential and combinational. In sequential logic obfuscation, additional logic (e.g., black) states can be introduced in the state transition graph. (See, e.g., Reference 7).
For example, a state transition graph can be modified in such a way that the design reaches a valid state only on applying a correct sequence of key bits. If the key can be withdrawn, the design, once again, ends up in a black state. In combinational logic obfuscation, XOR/XNOR gates can be introduced to conceal the functionality of a design. (See, e.g., Reference 1). Obfuscation can also be performed by inserting memory elements. (See, e.g., Reference 8). The circuit can function correctly only when these elements can be programmed correctly. However, using memory elements can incur significant performance overhead.
Thus, it may be beneficial to provide a strong defensive scheme and/or system that can utilize smart logic obfuscation, and which can overcome at least some of the problems described herein above.